The 31-year-old activist, who has Asperger syndrome, lost his legal challenge to avoid extradition in September, and on Monday the Home Office said the necessary order allowing his removal had been signed after Rudd “carefully considered all relevant matters”.

The Home Office said Love “has been charged with various computer hacking offences which included targeting US military and federal government agencies”.

It didn't have to go this way. A UK court did find the US government's desire to extradite and prosecute understandable and explained away all the arguments Love raised against being forced to leave the country. In the court's estimation, the US prison system is more than capable of meeting Love's particular "needs." Apparently, the court has never read anything at all about the federal prison system. Maybe it feels throwing suicidal people into solitary confinement is just a part of the recovery process.

The group also wanted to know why it was so necessary to go this route. The UK court system is perfectly capable of handling the process without having to send someone with multiple mental health issues halfway around the world.

"We would like to ask, why then is the United States insistent on Mr Love's extradition, despite the UK having a proven track record of appropriately sentencing and rehabilitating individuals who have committed computer-hacking offences against the US?"

The answer is "because" and "if you like our surveillance partnerships, you'll do as you're asked." Theresa May pushed back against the US government's demands, but that was pre-Snowden. Now, everyone's favorite secret surveillance programs aren't so secret anymore and are facing numerous legal challenges. No one agency can do it all. The Five Eyes partnership is more important than ever because it allows participating countries to route legislative changes and court rulings.

That probably fed into Rudd's decision. Another factor may have been the ongoing hysteria over all things cyber. The US government is routinely hacked and this recent election opened the doors to fears that foreign powers could disrupt the oh-so-sacred election process. Anyone hacking into anything government-related is going to face the full force of as many federal prosecutors the DOJ can spare, so this should certainly go well for Love.

from the big-brothers-gotta-stick-together dept

Lauri Love, the British hacker the DOJ has been dying to get its hands on, has just been handed over to the US by his own government. The decision issued today [PDF] basically states that honoring extradition agreements is more important than any concerns issued about Love's health and well-being once handed over to US federal agents.

Mr Love’s Article 8 rights are clearly engaged. In balancing the factors for and against extradition I am satisfied that the very strong counter-balancing factors required to find extradition would be disproportionate are not found in this case. Mr Love faces extremely serious charges for offences of computer hacking over a period of one year from October 2012 to October 2013. I accept Mr Love suffers from both physical and mental health issues but I have found the medical facilities in the United States prison estate on arrival and during any sentence if he is convicted available to him, are such that I can be satisfied his needs will be comprehensively met by the US authorities.

I am satisfied Mr Love’s extradition would be compatible with his Convention rights and I send this case to the Secretary of State for her decision as to whether or not Mr Love should be extradited.

Once in the US, authorities have promised to address Love's mental and physical health concerns by placing him in "segregated housing" while determining if he's capable of being housed in the general population. As anyone who's followed prosecutions of whistleblowers and hackers knows, "segregated housing" is just a colorful term for "solitary confinement" -- not generally known to improve the mental well-being of people who've already expressed suicidal thoughts.

On top of a trip to solitary, Love will be facing charges from three jurisdictions related to the alleged hacking of multiple government/government contractor websites and databases.

Mr Love is accused in three indictments in three districts as follows:

(i) Southern District of New York – Mr Love faces two counts on Indictment, one of computer hacking (maximum sentence of 10 years imprisonment) and one of aggravated identity theft (maximum sentence of 2 years imprisonment to be imposed consecutively to the sentence for count 1).

(ii) The New Jersey request details two counts on one indictment. One count is conspiracy to access a computer without authorisation and obtain information from a department or agency of the United States (maximum sentence of 5 years imprisonment) and one of accessing a computer without authorisation and obtaining information from a department or agency of the United States (maximum sentence of 5 years imprisonment).

(iii) The Eastern District of Virginia request contains nine counts on an Indictment, count 1 – conspiracy to cause damage to a protected computer and to commit access device fraud (maximum sentence of 5 years imprisonment); counts 2 -7 – causing damage to a protected computer and aiding and abetting (maximum sentence of 5 years imprisonment); count 8 – access device fraud and aiding and abetting (maximum sentence of 10 years imprisonment) and count 9 – aggravated identity theft and aiding and abetting (maximum sentence of 2 years imprisonment).

There's little to be gained by adding up the maximum possible jail sentence facing Love. Rest assured, if convicted, it will likely be over a decade. Consolidation of the cases and charges is likely, but more than one of the charges carry possible 10-year sentences.

Meanwhile, back in the UK, Love has managed to escape being jailed for refusing to turn over passwords and encryption keys to law enforcement. UK investigators fought hard to force Love -- who they've never formally charged -- to crack open multiple seized devices for them. This attempt was shot down in May by a judge who viewed this as an end run around protections built into RIPA, the laws governing law enforcement's investigatory powers.

The final decision on Love's extradition is in the hands of Elizabeth Truss, the recently-appointed Secretary of State for Justice. Truss' previous government work doesn't really provide much guidance on which side she'll come down on this, but her voting record tends to indicate she's more sympathetic to national security/law enforcement interests than those of her constituents. Considering the UK and US have a very cozy surveillance relationship, it stands to reason Truss will likely decide to appease the DOJ, rather than overturn the court's decision.

from the sorry-doj dept

The Kim Dotcom extradition appeal is now under way, with the first question being whether or not the courtroom drama could be livestreamed on the internet for a global public to watch. The request was originally made by Kim Dotcom and his lawyers, but the lawyers for the US government opposed... because... well, just because.

"US defends mass surveillance programs with 'If you have nothing to hide, you have nothing to fear' but opposes live streaming of my hearing," Dotcom, who attended some of the hearing, said on Twitter.

Honestly, it's not at all clear why the government lawyers are opposing this other than to just oppose stuff and be generally obstructionist. However, it doesn't appear to have worked. A little while ago, Dotcom's lawyer Ira Rothken announced that the court had agreed to allow live streaming:

The Court granted Livestreaming today in the @KimDotcom case this is a victory for transparent justice in NZ - on YouTube soon live

from the this-is-disappointing dept

Last night, we posted the news that a judge in New Zealand had ruled that Kim Dotcom and his colleagues were extraditable. Dotcom is appealing the decision, so it's not over yet. Soon after the decision was announced, the full ruling by Judge Nevin Dawson was released. It's a staggering 271 pages, and I've spent a good chunk of today reading it over. Some parts of it are more compelling than others, and there may even be enough to support the ruling. However, what troubles me is how frequently Judge Dawson appears to totally, without question, accept the US government's arguments (as relayed by New Zealand prosecutors), despite the fact that many of them are clearly misleading at best, or downright incorrect.

It would take too long to go point by point through the whole thing, but I did want to highlight a few points that I found concerning. The key issue in the extradition fight is whether or not copyright infringement is an extraditable offense. Under the treaty between the US and New Zealand, it is not considered an extraditable offense, which is why a variety of other "conspiracy" charges are piled on in the complaint against Dotcom. Yet, Judge Dawson basically tosses much of that out, arguing that "conspiracy to defraud" is an extraditable offense, and copyright infringement can be a conspiracy to defraud. As Dotcom's lawyers noted yesterday, this would basically write out the fact that copyright is not an extraditable offense.

However, almost all of this "conspiracy to defraud," as well as the other issues that the court finds extraditable (such as "money laundering") are all based on the claims of the DOJ, many of which were presented ridiculously out of context by the DOJ in the original indictment, but which Judge Dawson takes as perfectly accurate, without considering alternative explanations. For example, there's the question of whether or not Megaupload had its own search engine. As we noted in the original indictment, this is particularly ridiculous. A key reason why the original Napster got shut down was because it had a search engine, which the court used to argue that it was more involved in the infringement. Thus, there's a strong argument for why a site should not have a search engine, in order to make it harder to find infringing materials. Yet, the DOJ argued that this was part of the "conspiracy" and that it showed that Megaupload was trying to hide the infringing activities from law enforcement. Damned if you do, damned if you don't. But Judge Dawson flat out accepted the DOJ's argument. Judge Dawson quotes a Skype discussion between two of Dotcom's colleagues, Mathias Ortmann and Bram Van Der Kolk, in which Ortmann notes that "searchability is dangerous and will kill us." And the judge concludes:

There was so much infringing content on the sites that its presence had to be disguised and made non-searchable. Traffic flowed to this content through third party sites.

That's one interpretation. A more plausible explanation could be that these guys didn't want to make their site easy to use for infringement and thus didn't make the material searchable. Instead, that's used against them.

Elsewhere, the judge uses a discussion between Kim Dotcom and Ortmann about how to make sure the service is "invulnerable" to legal challenges as proof that they "appreciated that Mega operated unlawfully and was at risk of being shut down by a court." Of course, a perfectly reasonable alternative explanation is that their discussion was on how to make sure they were not unlawful and not at risk of being shut down by a court. There are plenty of business discussions that tons of businesses could have like this that, devoid of context, could be presented in this misleading way. Any time any two executives from a business were to discuss specifics of making sure their business is legal could then be misrepresented as evidence that they "knew it operated unlawfully and was at risk of being shut down by a court."

There are lots of other examples of this, including conversations between basically all of the defendants discussing (and sometimes joking about) the possibility of lawsuits (most of which they assume would be civil lawsuits). But just because you think you might get sued is hardly evidence of a conspiracy or belief that what you're doing is illegal. I've had many discussions with our lawyers about doing things to protect ourselves from getting sued. That doesn't mean I believe I'm operating illegally. It means I understand the legal environment we operate in, where lawsuits happen frequently, and I'd like to minimize the risk. But in this case, every hint of Megaupload doing the same is treated as an admission of knowingly breaking the law. It's true that there are some conversations that do seem to go beyond this point, such as when Ortmann and Van Der Kolk complain that the business can't be sold because it's not "legit" -- so it's reasonable to argue that those are enough. But, so many of the conversations seem to be spun so far beyond reality that it makes the evidence appear a lot stronger than it really is.

Some of the evidence is just outright ridiculous. At one point, Ortmann sends Dotcom a link to an agenda for an "IP Crime Conference" that was hosted in the same building that was officially Megaupload's headquarters (a Hong Kong hotel) with the tagline "in the lion's den." The judge concludes that from this you can infer "Mega's business was copyright piracy." Huh? How is that a reasonable inference?

Now, I know that some folks are already banging angrily below in the comments about this, pointing out that of course Megaupload was used for infringement, and all of this is just hand-waving to ignore that fact. But that's not what I'm doing here at all. Yes, it's quite clear that Megaupload was widely used for infringement. But that alone is not a criminal offense. When the VCR was first introduced, it was widely used for infringement. When the mp3 player was first introduced, it was widely used for infringement. When the DVR was first introduced. Tape players. Photocopiers. Radio. But that alone does not constitute a criminal offense. Yet, here the judge seems to think that any weak inference that the execs at Megaupload knew that their service was used for infringement implicates them in a criminal conspiracy.

That seems incredibly problematic.

Similarly, as the DOJ did in its indictment, the Judge focuses a lot on the "incentive" program that Megaupload put in place, whereby users who post files that get a lot of downloads could profit from those downloads. The claim by the DOJ, and totally accepted by Judge Dawson, is that this is proof that they were encouraging infringement. But, again, such a program could just as easily be useful for non-infringing purposes as well. If you were a singer and wanted to give away your music for free, but still profit from it, you could see how this could be a compelling business model. In fact, some major recording artists, such as Busta Rhymes, were excited about using Megaupload in just this manner. Yes, obviously some would use this to post infringing files, but again the fact that some users could misuse the service does not mean the company's execs are criminals.

For example, the court uses the fact that Ortmann and Van Der Kolk messaged each other about how uploaded files in the program are "not yet" being "audited for copyright violation" as evidence that the program was designed to drive infringement. But there is no requirement under the law to proactively monitor the content for infringement. Later the judge uses the fact that the incentive program was purposely designed to "attract new users" and to reward "huge uploaders" as evidence that "this was not cyberlocker activity but mass distribution of illicit content." Again, this presumes that the only possible use for a cyberlocker is to store personal data, and not to use it to distribute and share files (many of which may be perfectly legitimate).

Again, some of the other statements may cross the line -- including discussions about specific users where the defendants appear to recognize that certain files are infringing. There are also discussions about whether to cut off incentive payments in cases where they know a user is uploading infringing material (where they don't cut off those payments). Those may be the most damning. But, again, straight up copyright infringement isn't supposed to be an indictable offense. And it's all this other stuff that the judge uses to argue some wider "conspiracy to defraud."

Also, as has been pointed out time and time again, there is no such thing as "secondary" criminal copyright infringement. That is, it's not a criminal offense if your tool is used by someone else to infringe. But all that basically gets ignored.

There's a lot more in there, and it's worth reading through and looking at all of the arguments and evidence. I can see why the judge ruled the way he did. And much of it is similar to the arguments in the original indictment. And, again, there may actually be enough in there for the extradition to go forward, but so much of it seems bound up in taking statements out of context that it seems pretty sketchy. If those kinds of arguments were dropped, and the ruling focused just on the clear evidence of some sort of plan to "defraud" it would seem like a much stronger argument. The fact that piece of evidence after piece of evidence just seems so... weak, raises serious questions about the whole decision.

from the and-on-it-goes dept

This doesn't come as a huge surprise, but minutes ago in New Zealand Judge Nevin Dawson gave the US Justice Department a bit of an early Christmas present in declaring that Kim Dotcom and his co-defendants in the Megaupload case are eligible for extradition, following the long extradition trial earlier this year. The judge apparently said that the evidence was "overwhelming" against the defendants. This does not mean that Dotcom and crew are boarding a plane across the Pacific just yet. They have 15 days to file an appeal and Dotcom's lawyers have already indicated that such an appeal is on the way (what did you expect?). Dotcom's lawyer Ira Rothken points out that under New Zealand's extradition agreement with the US, there is no extradition over copyright issues -- and argues this ruling renders such a safe harbor "illusory." Of course, even if that fails, there's still a separate process for approving the actual extradition, which would take place with New Zealand's Justice Minister, but that part of the process is more of a formality than anything else. It's not over yet, but at this point things are leaning strongly towards Dotcom and his colleagues being shipped to Virginia to face a US criminal trial.

from the well,-that's-interesting dept

The EU Parliament has just approved a measure (by a narrow 285 to 281 vote) telling EU member states to "drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties, in recognition of his status as whistle-blower and international human rights defender." That's pretty huge. Of course, as a resolution, it's more symbolic than actually meaningful, because the member states may not follow through on the request. But it is an important step in the right direction.

At the same time, the EU Parliament reviewed some other issues concerning mass surveillance, including the whole EU-US safe harbor setup. As we noted, the EU Court of Justice recently tossed out that agreement, which is really creating a huge mess for the internet right now. The EU Parliament "welcomed" the ruling, and pushed for alternatives to the safe harbor agreement. As we noted, the safe harbor agreement was a bit of a mess, but it's important to have something in place to allow the internet to function -- and the real problem was the NSA surveillance program.

At the same time, of course, it's worth noting that surveillance by EU governments is just as bad (if not worse in many cases), and it seems the EU Parliament may be realizing that as well:

Parliament is concerned about "recent laws in some member states that extend surveillance capabilities of intelligence bodies", including in France, the UK and the Netherlands. It is also worried by revelations of mass surveillance of telecommunications and internet traffic inside the EU by the German foreign intelligence agency BND in cooperation with the US National Security Agency (NSA).

Simply blaming the NSA and the US for surveillance is missing the point. It's a pretty broad problem, where the NSA/US government is a huge part of the problem, but the EU doesn't exactly have clean hands either.

Again, as mere resolutions, these efforts have little binding authority, but at least people are coming to terms with the damage done and looking to move in the right direction. Declaring Snowden a whistleblower and protecting him against bogus legal threats and extradition would be a really huge step forward.

from the taking-it-up-a-notch dept

As Kim Dotcom's extradition case appears set to finally be heard (after many, many delays), Dotcom has brought in some interesting firepower. Presidential candidate and famed legal scholar Larry Lessig has submitted an affidavit that completely destroys the DOJ's case. He argues not only that Dotcom's actions do not amount to any sort of extraditable offense, but that they don't even seem to be against US law at all. If you've been following the case at all, you know that under the US/New Zealand extradition treaty, copyright infringement is not an extraditable offense. That's why the US has lumped in a bunch of questionable claims about "conspiracy" and "wire fraud." But most of those are just repeating the infringement claims in different ways. Lessig dismantles all of them and suggests the DOJ case is a lot of smoke and mirrors. His summary brings it all together:

It is my opinion that the Superseding Indictment and Record of the
Case filed by the DOJ do not meet the requirements necessary to
support a prima facie case that would be recognized by United States
federal law and subject to the US-NZ Extradition Treaty. An attempt
has been made to extract facts from multiple sources and over a wide
span of time, to organize a large number of otherwise disconnected
facts by using systematic phraseology and to juxtapose phrases in
order to create an impression of coherence and substance. However,
the attempt fails to reach its goals and any impression of coherence or
substance dissolves under examination. Insofar as they are alleged in
the Superceding Indictment and the ROC, respondents’ actions were
not prohibited by criminal statutes of the United States. Filings of the
DOJ attempt to create a false impression of criminal guilt and are not
reliable.

Lessig's detailed analysis covers many of the same issues I raised just days after the raid on Dotcom's mansion and his arrest. Basically, it appears that the DOJ is trying to make up a form of criminal copyright infringement that is based on "well, Hollywood really dislikes him." A key issue, as we've discussed in the past, is that there is no such thing as secondary criminal copyright infringement. The Supreme Court, in the Grokster case, created a concept known as inducement for civil copyright infringement, but criminal copyright infringement cannot be expanded by the courts -- only by congress. Yet, the DOJ is trying to pretend that there is such a thing as secondary criminal infringement, despite it not being in the law.

... criminal copyright liability cannot be broadened by invoking
civil concepts of secondary copyright infringement directly or under the
guise of the general aiding and abetting statute, 18 U.S.C. § 2. See
Sup. Ind. Counts Four, Five, Six, Seven, and Eight. The United States
legislature previously removed “aiding and abetting” from the copyright
act, evincing an intent to eliminate that form of liability

He further notes that the indictment and DOJ arguments repeatedly refer to the DMCA, but the DMCA is only for civil copyright infringement, not for criminal:

The DMCA is only a defense in the civil context because only civil
indirect or secondary liability is possible under the common law.
Common law liability principles cannot be extended to criminal liability,
which must be specifically proscribed by statute. See Dowling v.
United States, 473 U.S. 207, 213-214 (1985). Because there cannot
be common law crimes under United States law, the DMCA further
emphasizes that criminal indirect liability for copyright infringement
does not exist by statute.

And thus, Megaupload's "failures" to follow the DMCA cannot be the basis of criminal charges:

... allegations of defendant’s failure to maintain a DMCA
policy or defects in a defendant’s DMCA procedures cannot be the
basis of criminal copyright charges....

And, of course, he points out that under the Sony Betamax case that confirmed VCRs were legal in the US, the standard the Supreme Court set up was if a technology had "substantial non-infringing uses," which Megaupload clearly had.

Lessig also points out something that should be pretty obvious, but is often forgotten: the US Copyright Act does not apply outside the US.

An important limitation on enforcement powers of the DOJ is the
principle that the United State Copyright Act has no application outside
of the territorial bounds of the US, and therefore there is neither civil
nor criminal liability under United States law for acts of infringement
taking place outside of US borders.

And, yes, the DOJ points out that Megaupload had servers in the US, but as Lessig points out that's not enough under US law:

The Superseding Indictment does discuss the existence of
Megaupload servers in the United States.... But
the mere presence of data servers in Virginia does not establish that
direct infringement took place there. See, e.g., CoStar Group, Inc. v.
LoopNet, Inc., 373 F.3d 544, 549-50 (4th Cir. 2004) (holding that direct
infringement under the civil standard requires more than “mere
ownership of a machine used by others to make illegal copies” and
that there “must be actual infringing conduct[.]”); Cartoon Network LP,
LLLP v. CSC Holdings, Inc., 536 F.3d 121, 131-32 (2d Cir. 2008)
(direct civil infringement requires “volitional conduct,” not mere
ownership of device used by others to infringe).

The Superseding Indictment never states that any specific user, much
less any of the criminal defendants, chose to upload or download any
specific infringing work from within the United States.

That seems like a pretty big flaw in the DOJ's case.

Perhaps an even bigger flaw? The lack of any showing that any of the defendants engaged in all of the required elements for criminal copyright infringement:

the DOJ fails to show direct criminal
copyright infringement on the part of Megaupload personnel or on the
part of Megaupload cloud storage users. The allegations in the
Superseding Indictment and the Record of the Case do not match up
to all of the elements of offenses. Importantly, there is no showing that
any specific Megaupload representative or third-party user had the
requisite mens rea to willfully violate copyright law. There is an even
more fatal failure to show that Megaupload personnel agreed with a
third party user to commit such violations. An agreement requires
communications between defendants and the user, not just
discussions among Megaupload personnel and a general
“environment of infringement.” Attempts to juxtapose pieces of
allegations do not succeed in making even a single whole, unified
criminal charge.

As Lessig details, criminal copyright infringement requires willful infringement for the purpose of commercial advantage or private financial gain. The complaint does not do a very good job of showing the "willful" part. Just showing that the company was slow to take down content is not enough. In fact, Lessig points out, charges of criminal copyright infringement need to list out the actual works infringed and then show all the other necessary elements:

proof of charges of both Criminal Copyright
Infringement and also Conspiracy to commit such crimes must identify
specific copyrighted works on a work by work, link by link basis, and
describe the who, what, when, where, why, and how to meet all the
elements for each such instance and to examine fair use, amongst
other things. The “willfulness” requirement means that a person must
have had the specific intent to commit copyright infringement as to
each individual work.

And yet, the Dotcom indictment fails to do basically all of that.

As for the attempt to get around the fact that there is no secondary infringement in criminal law by saying, "oh, well, it's just aiding and abetting," that doesn't fly either. Yes, users may have willfully infringed, but the evidence is lacking that the Megaupload team did the same, and just "aiding and abetting" doesn't work:

Aiding and abetting requires a showing of “double wilfulness,” which is
lacking in the Superceding Indictment and ROC. A vague charge of
“making available” a copyrighted work under a theory of “Aiding and
Abetting Criminal Copyright Infringement,” is insufficient. In my opinion
the government has failed to allege sufficient facts that the
Megaupload defendants shared in any alleged infringer’s criminal
willful intent. Gestalt allegations that the Megaupload cloud storage
system brought about the arrangment that made the vague criminal
acts of the alleged infringers possible is insufficient “willfulness” as a
matter of law. As discussed above, Megaupload did not exercise
volitional control over user uploads, link sharing, and downloads.

Basically, he's calling out the fact that the DOJ is picking and choosing different actions by completely different actors and trying to tie them all together to create all the elements for criminal copyright infringement. But you can't do that.

The Supreme Court of the United States has stated that the aiding and
abetting statute converts an accomplice into a principal, but that aiding
and abetting is neither a separate crime nor is it relevant to the distinct
crime of conspiracy. See Pereira v. United States, 347 U.S. 1, 11
(1954) (“Aiding, abetting, and counseling are not terms which
presuppose the existence of an agreement. Those terms . . . mak[e]
the defendant a principal when he consciously shares in a criminal act,
regardless of the existence of a conspiracy.”) (emphasis added).
Therefore, allegations that defendants aided or abetted a crime of
copyright infringement do not amount to an extraditable offense. The
crime, if it exists, must be specifically shown.

A similar argument dooms all the "conspiracy" charges. End users may have willfully infringed, but that doesn't create a "conspiracy" between them and the Megaupload team.

United States v. Hickman, 626 F.3d 756 (4th Cir. 2010), a decision by
the Fourth Circuit Court of Appeals is particularly instructive. In that
case, the court was asked to decide if a store that sold thousands of
glass vials was engaged in a conspiracy to distribute heroin, since it
was well known that such glass vials were used primarily to package
heroin for sale. Id. at 767-73. The Fourth Circuit explained that merely
selling the vials was not sufficient to demonstrate the crime of
conspiracy without something more. Id. The court would have required
that the defendant possess explicit knowledge of specific plans to
distribute heroin in order to be convicted of conspiracy. Id. This is
consistent with other Fourth Circuit decisions which generally require a
"showing that the defendant knew the conspiracy's purpose and took
some action indicating his participation." Chorman, 910 F.2d at 109.

As mentioned above, a member of the conspiracy must undertake
some "overt act" which furthers the underlying offense of the
conspiracy. Chorman, 910 F.2d at 109. Thus, in order to properly state
a claim for conspiracy to commit felony copyright infringement, there
must be an agreement between two individuals to commit that crime,
and then one of the individuals, who is a party to the agreement, must
commit an act in furtherance of that crime.

As discussed above, infringing acts are alleged to have been
committed by unnamed Megaupload users. A crime of conspiracy
requires an agreement with criminal infringers. No such agreement is
shown.

Lessig notes that while the record in the case shows lots of communication between Megaupload staff, it shows none between the staff and the users of the site who are actually doing the infringing. That's a pretty weak conspiracy.

there is no allegation of direct
communication with the user, and no reason to believe that the
Megaupload employees entered into a relationship with the user
beyond a series of retail transactions regarding cloud storage space
on the Megaupload leased servers.

Lessig also rips apart the arguments for wire fraud, noting that they all seem to be based on the idea that Megaupload didn't abide by the DMCA (again a US law).

Alleged frauds revolve around Megaupload’s practices under the
DMCA and around an “Abuse Tool” Megaupload provided to copyright
owners or agents who wanted to deliver to Megaupload DMCA notices
of infringing materials on the Megaupload site and automatically
disable access to such materials. It is alleged that Megaupload made
misrepresentations in connection with the Abuse Tool, promising to
delete access to referenced materials while only deleting the
referenced URLs and without deleting all other URLs in the database
that pointed to such materials. It is further alleged that the Abuse Tool
did not operate as represented, that deletions were delayed and that
the site promised to terminate repeat infringers but failed to do so....

As mentioned above, the DMCA serves to explicitly limit the copyright
liability of Internet service providers and to provide a “safe harbor” from
copyright claims.... If an online service provider like Megaupload is noncompliant
the result is loss of the civil safe harbor defense not a
criminal fraud.

Furthermore, Lessig notes that for there to be wire fraud, US law requires a scheme to defraud users and then the use of mail or wire in furtherance of that scheme. Yet the indictment is lacking in defrauded parties.

It is alleged that Megaupload received “advertising revenue as a result
of the continued availability of files,” while never stating that the
copyright holders themselves made any pay outs....
Thus, there is no allegation that the advertisers were ever lied to,
deceived or misled; in other words, the party deceived and the party
that lost property were two completely different individuals.

It is also alleged that Megaupload received money from users who
purchased premium subscriptions.... However, as
with the advertisers, there is no indication that the users were
deceived or misled in any way.

Moreover, the DOJ must look at the monies actually received when
charging the crime of wire fraud, and cannot look to any “intangible
right” that may belong to the copyright holder. United States courts
have explained that intangible rights cannot form the basis of a wire
fraud charge. See United States v. Hilling, 891 F.2d 205, 208 (9th Cir.
1988) (reversing a mail fraud conviction based on intangible rights).
Nor is a “license” a recognized property right. See United States v.
Schwartz, 924 F.2d 410, 418 (2d Cir. 1991) (overturning wire fraud
conviction because “[t]he [] licenses given appellants were merely the
expression of its regulatory imprimatur, and they had no other effect as
‘property’”).

And all of that dooms the wire fraud claims:

In sum, the DOJ only alleges that one party was deceived: the
copyright holders.... However, that party cannot lay a
claim to a recognized property right that Megaupload is alleged to
have taken; at best the rights claimed would be the right to license
their works, or similar intangible rights which cannot form the basis of a
wire fraud conviction.

Another defect in the DOJ approach is that it is contrary to the DMCA.
The Fourth Circuit has repeatedly upheld the principal of statutory
interpretation which holds that courts “must give effect to every
provision and word in a statute and avoid any interpretation that may
render statutory terms meaningless[.]” Scott v. United States, 328 F.3d
132, 139 (4th Cir. 2003). Here, in order to give proper effect to the
DMCA, the wire fraud statute cannot be interpreted to criminalize
Megaupload’s conduct.

Lessig also attacks the idea that Megaupload even violated the DMCA in the first place. As he notes, the law says a service provider needs to "reasonably implement" a DMCA policy, but leaves the interpretation of "reasonably implements" up to the courts. And the standard interpretation, from the Perfect 10 v. ccBill case is that it's reasonably implemented "if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications." And Megaupload had all of that.

The DOJ, instead, is rather incredibly arguing that because Megaupload did not immediately delete 100% of infringing files, it violated the DMCA and thus is guilty of criminal copyright infringement. That's stretching the laws way past breaking points in multiple directions.

The DOJ does not allege that Megaupload had no policy at all, nor
does the DOJ allege that Megaupload “actively prevent[ed] copyright
owners from collecting information[.]” Instead, the DOJ charges a
much lower standard: that Megaupload failed to terminate 100% of all
repeat infringers, ... and moreover, that this failure, in
the face of Megaupload’s stated policy, was a misrepresentation
sufficient to sustain a charge of wire fraud....

The purpose of the DMCA is to prevent liability where a defendant has
stated a policy and reasonably implemented it—not where a defendant
has failed to terminate each and every repeat infringer. Indeed, the
statute recognizes that service providers are not required to terminate
all repeat infringers in order to comply with the DMCA (17 U.S.C. §
512(I)(1)(A)) or to remove their posted content. See e.g. Perfect 10,
Inc. v. Giganews, Inc., 2014 WL 8628034, at *9 (C.D. Cal. Nov. 14,
2014) (“Giganews had no obligation to indiscriminately remove every
post a repeat infringer ever posted and Perfect 10 may not shift its
burden of policing copyright infringement to Giganews in the guise of a
claim for direct infringement.”).

Were the DOJ able to simply charge defendants with a separate crime
(in this case wire fraud) then the liability safe harbor becomes
meaningless, and Scott v. United States is thus violated. As a result, it
is improper to interpret the wire fraud statute as criminalizing
Megaupload’s actions, and the proper interpretation is to give effect to
the DMCA’s stated safe harbor provisions.

Lessig also points out that the DOJ is just wrong on its argument that after receiving a notice on a file, Megaupload must delete all versions of that file. That's not what the law says at all.

The DOJ appears to be asserting that an online operator who receives
copyright take down notices identifying one URL must search for and
delete all duplicate files in the system or be subject to a copyright or
fraud claim. In my opinion the DOJ’s theory of copyright or fraud
liability is erroneous.

Megaupload reduced operating loads by “deduplication,” namely
maintaining only a single copy of a file in its database and generating
multiple pointers to such file. Each pointer identified an uploader of the
common file. It is possible for one uploader to have a right to fair use
of a copy of a file, e.g., a purchaser uploading a backup or an
educational organization offering critical commentary, while other
uploaders might have no such fair use right. It is contrary to the
purpose of the DMCA that a fair use right would be violated though a
take-down notice directed at another person’s wrongful use. If such a
violation were to occur, the provider of the take-notice would be
subject to liability under the DMCA (17 U.S.C. § 512(f)).

Such an approach can lead to mass DMCA 512(f) misrepresentation
claims against the DMCA noticing parties.

As he notes, the US courts -- particularly in the Lenz case -- have said that takedowns require looking at fair use. And if the DOJ's theory was accurate, that would be wiped out, because notices would be sent for files without any idea if they were fair use or not.

There's a lot more in the document, but it basically picks apart the entire DOJ indictment, and points out that they're making up new criminal theories that they're not allowed to, and misrepresenting other claims at the same time. Thus, not only is it not clear that Dotcom did anything deserving of extradition, it's not even clear that he broke any laws at all.

Of course... whether or not the New Zealand court pays attention to any of this, remains to be seen -- but it is a strong argument from a well respected and knowledgeable source.

from the blind-justice dept

Despite two earlier rulings that the US Justice Department needed to provide Kim Dotcom and others involved in Megaupload with the actual evidence being used against them for the extradition trial, an appeals court overturned those rulings and now the New Zealand Supreme Court has agreed in rejecting the request. While the chief judge dissented, the majority found that the extradition treaty does not require the country that has filed the charges against the individuals to provide the information and that the New Zealand courts have no real authority to order the US DOJ to provide the evidence. It does seem rather ridiculous that someone can be sent halfway around the world to face criminal charges without first being able to see the evidence against them, but that's apparently the law in New Zealand. They might want to fix that.

Either way, the actual extradition trial was recently pushed back until July (it had been scheduled to start in a few weeks). Seems quite bizarre that they're only just getting to the trial over extradition nearly two and a half years after Megaupload was seized and shut down. The judicial process isn't exactly known for its speed, which is kind of crazy when you realize how quickly (and with such flimsy evidence) DOJ and New Zealand officials acted to arrest Kim Dotcom and his colleagues.

On February 7th the deadline for Lauri Love to turn his encryption keys over to the UK government expired.

As the post on FreeAnons explains:

The UK government are now free to charge Lauri for his lack of cooperation with their demand for his passwords, in accordance with section 49 of the controversial Regulation of Investigatory Powers Act 2000, but what is section 49 and why is it being levied against Lauri Love?

Section 49 essentially allows the UK government to compel, under threat of up to five years imprisonment (this doubles to ten years if national security is seen to be
at stake), any citizen to disclose their personal encryption keys. The law allows for this legal compulsion on grounds ranging from "the interests of national security" to "the purpose of preventing or detecting crime" and "interests of the economic well-being of the United Kingdom".

Actually, RIPA's punishment for withholding keys seems to be up to two years' imprisonment in general, and up to five when the magic spell "national security" is invoked, but it's still a long time. And the crucial point is the following:

Lauri has been charged with no crime in Britain, yet their government is still invoking this law to attempt to force him to provide information that could incriminate him or damage his defense should he go to trial.

The indictment, which was released by the US department of justice on Monday, describes Love as a "sophisticated and prolific computer hacker who specialised in gaining access to the computer networks of large organisations, including government agencies, collecting confidential data including personally identifiable information from within the compromised networks, and exfiltrating the data out of the compromised networks".

"Gaining access", "collecting confidential data", "exfiltrating data out": isn't that precisely what the NSA and GCHQ have been doing around the world on a rather larger scale...?

from the dear-obama:-get-over-yourself dept

We've already discussed the general immaturity and petty nature of President Obama's decision to cancel his planned summit with Vladimir Putin over granting Ed Snowden asylum. Glenn Greenwald is now pointing out that beyond just being petty, it also shows astounding hypocrisy by the Obama administration. Various members of the administration (along with Congress) have been acting like it's the worst offense in the world that Russia -- with whom we do not have an extradition treaty -- turned down the request for extradition. Yet, as Greenwald highlights, the US quite frequently turns down these requests, and they don't turn into massive international incidents that top the headlines like this story.

[US refuses Bolivia's request to extradite its former CIA-supported president, Gonzalo Sanchez de Lozada, to stand trial on charges of genocide and other war crimes after de Lozada hires Democratic lobbyists to represent him]

The US constantly refuses requests to extradite - even where (unlike Russia) they have an extradition treaty with the requesting country and even where (unlike Snowden) the request involves actual, serious crimes, such as genocide, kidnapping, and terrorism. Maybe those facts should be part of whatever media commentary there is on Putin's refusal to extradite Snowden and Obama's rather extreme reaction to it.

There may, in fact, be legitimate reasons for refusing extradition requests. But for the US government to act like Russia's decision to give Snowden temporary asylum is some major slap in the face just seems pretty ridiculous in the face of its own actions.